Rapid7 Blog

Integrating etckeeper with Logentries & Chef

When working within a team to maintain system infrastructure, properly documenting and communicating changes made to configuration files within /etc is fundamental to preventing knowledge gaps throughout your team.

While version control tools like git are helpful in tracking standard changes to a code base, git doesn’t capture metadata important to /etc, such as the permissions of /etc/shadow. To address this need, we’ve been exploring etckeeper – a small version control application developed by Joey Hess (of Debian fame) for recording changes to /etc as packages are installed or removed. While working with etckeeper, it became apparent that tracking changes over time in the context of other events occurring within our systems would be useful and easily accomplished with Logentries.

etckeeper has a number of execution stages and provides a mechanism for hooking into each stage via a set of simple scripts. Using the Logentries API, you can easily send etckeeper metadata at etckeeper’s post-install and commit phases. All you’ll need to start with is a token-based log in your Logentries account.

During the post-install phase we use a hook stored in /etc/etckeeper/post-install.d/40send-to-logentries. You’ll need to insert the correct token into the following script.
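A hook of this kind could look like the following added example, which is not the script from the original post. The token file path, the endpoint host and port, and the function names are assumptions; the token is read from a file outside /etc so that etckeeper does not commit it together with the hook.

```shell
#!/bin/sh
# Added example, not the script from the original post.
# Intended location: /etc/etckeeper/post-install.d/40send-to-logentries
set -eu

# Assumptions (not from the post): token file path, endpoint host and port.
# The token lives outside /etc so etckeeper never commits it with the hook.
LE_TOKEN_FILE="${LE_TOKEN_FILE:-/root/.logentries-token}"
LE_HOST="${LE_HOST:-data.logentries.com}"
LE_PORT="${LE_PORT:-443}"

# Uncommitted changes in the repository at the time the hook runs.
le_pending() {  # $1 = repository directory
    git -C "$1" status --porcelain
}

# Prefix each non-empty stdin line with the log token and a fixed tag.
# Non-printable bytes become '?' so control characters (CR, ESC) in file
# names cannot corrupt log entries.
le_format() {  # $1 = token, $2 = host name
    LC_ALL=C tr -c '[:print:]\n' '?' | while IFS= read -r line; do
        if [ -n "$line" ]; then
            printf '%s etckeeper host=%s change="%s"\n' "$1" "$2" "$line"
        fi
    done
}

# Ship stdin over TLS; abort if the certificate chain does not verify.
le_send() {
    openssl s_client -quiet -no_ign_eof -verify_return_error \
        -connect "$LE_HOST:$LE_PORT" >/dev/null 2>&1
}

main() {
    # No token configured: exit quietly rather than break the package manager.
    [ -r "$LE_TOKEN_FILE" ] || exit 0
    token=$(tr -d '[:space:]' < "$LE_TOKEN_FILE")
    le_pending /etc | le_format "$token" "$(hostname)" | le_send || true
}

# Run only when executed as the hook file, so the functions can be sourced.
case "$0" in
    *send-to-logentries) main ;;
esac
```

Keep the token file readable by root only (mode 0600), and make the hook executable so that it can be run.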

Once your etckeeper metadata is being sent to Logentries, there are several useful things you can do, including:

Building alerts to notify teams of new changes

Creating custom tags to easily spot specific changes

Building dashboards to visualize config changes over time, compared to system behavior

If you use Chef, we developed an etckeeper_wrapper cookbook which extends the etckeeper-cookbook, providing a number of useful features for deploying etckeeper and a handler for the chef-client to execute etckeeper at every chef-client run. This provides a small safety net for the ops team to revert changes if things go wrong. The etckeeper_wrapper cookbook can be found at https://github.com/jcftang/etckeeper_wrapper.